CVE-2023-20569

CWE-203CWE-103720 documents8 sources
Severity
4.7MEDIUM
EPSS
0.6%
top 29.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
180
AMD Epyc 72f3 FirmwareAMD Epyc 7313 FirmwareAMD Epyc 7313p Firmware+177 more
Timeline
PublishedAug 8
Latest updateOct 31

Description

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages178 packages

NVDmicrosoft/windows< 10.0.14393.6167+3
NVDamd/epyc_72f3_firmware< milanpi_1.0.0.c
NVDamd/epyc_7313_firmware< milanpi_1.0.0.c
NVDamd/epyc_7343_firmware< milanpi_1.0.0.c
NVDamd/epyc_73f3_firmware< milanpi_1.0.0.c

Also affects: Debian Linux 10.0, 11.0, 12.0, Fedora 37, 38

🔴Vulnerability Details

8
OSV
linux-intel-iotg-5.15 vulnerabilities2023-10-24
OSV
linux-intel-iotg vulnerabilities2023-10-19
OSV
linux-raspi vulnerabilities2023-10-19
OSV
linux-hwe-5.15, linux-oracle-5.15 vulnerabilities2023-10-06
OSV
linux-oem-6.1 vulnerabilities2023-10-04

📋Vendor Advisories

11
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2023-10-31
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2023-10-19
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-10-19
Ubuntu
Linux kernel vulnerabilities2023-10-06
Ubuntu
Linux kernel vulnerabilities2023-10-05
CVE-2023-20569 (MEDIUM CVSS 4.7) | A side channel vulnerability on som | cvebase.io